IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

REST API: Add support for arrays in schema validation and sanitization.

Browse Source 
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.

This can easily be extended to support new data types, such as CSV fields or objects.

Props joehoyle, rachelbaker, pento.
Fixes #38531.


Built from https://develop.svn.wordpress.org/trunk@39046


git-svn-id: http://core.svn.wordpress.org/trunk@38988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Gary Pendergast
2016-10-31 01:48:41 +00:00
parent 8c811f8f90
commit 6c1e98d1fb
6 changed files with 183 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
View File

@@ -288,8 +288,30 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
foreach ( $options as $option_name => $option ) {
$schema['properties'][ $option_name ] = $option['schema'];
$schema['properties'][ $option_name ]['arg_options'] = array(
'sanitize_callback' => array( $this, 'sanitize_callback' ),
);
}
return $this->add_additional_fields_schema( $schema );
}
/**
* Custom sanitize callback used for all options to allow the use of 'null'.
*
* By default, the schema of settings will throw an error if a value is set to
* `null` as it's not a valid value for something like "type => string". We
* provide a wrapper sanitizer to whitelist the use of `null`.
*
* @param mixed $value The value for the setting.
* @param WP_REST_Request $request The request object.
* @param string $param The parameter name.
* @return mixed|WP_Error
*/
public function sanitize_callback( $value, $request, $param ) {
if ( is_null( $value ) ) {
return $value;
}
return rest_parse_request_arg( $value, $request, $param );
}
}